Application Security Engineer
Lodgify
- Spain
- Permanent
- Full-time
- Lead the Implementation of Secure Development Practices: Work on a Secure Software Development Life Cycle (SSDLC) adoption, and integrate security practices into Lodgify's existing development methodology.
- Work with our development teams by designing/reviewing technical solutions to avoid security weaknesses.
- Identify tools and processes needed to implement an application security program.
- Implement security-focused activities such as threat modeling, secure coding practices, code reviews, and security testing throughout the development process.
- Educate and encourage developers to follow secure coding best practices.
- Manage and enhance our existing bug bounty program, taking ownership of the coordination and resolution of vulnerabilities reported by external researchers. Review and understand issues, and provide guidance to our developers on how to fix them.
- Optimise our WAF protection against common Web Application vulnerabilities and attacks (Cloudflare).
- Contribute to improving the security of our public API, providing security recommendations and solutions.
- 3+ years of experience in an Application Security Engineer role, preferably in a SaaS company.
- In-depth knowledge of web application security, including common vulnerabilities, attack vectors, and mitigation techniques.
- Solid knowledge of OWASP Top 10 and understanding of OWASP testing guide.
- Demonstrated experience in threat modeling and identifying security issues through code review.
- Demonstrated experience in deploying SAST and DAST solutions and verifying their results.
- Proficiency in understanding and analyzing programming languages (e.g. .NET, ReactJS, Flutter, Python, Bash).
- Familiar with API security tools and processes.
- Ability to work collaboratively with cross-functional teams, including developers, QAs and DevOps engineers.
- Able to instil a security culture among development teams.
- Experience with WAF administration (Cloudflare).
- Familiar with code management systems, CI/CD, Kubernetes, and microservices architecture.
- Familiar with managing external penetration testing processes and results.